Online marketplace Minted, best known for its personalized cards and invitations, has been hit with a data breach which attacked its online user database. The company knew of the attack, which happened on May 6, 2020, a week later on May 15th — but customers were only notified in the past few days.
Information that was taken included the names of customers, and also their email addresses and the password that were used to log in to their accounts. But these passwords were hacked and salted, meaning they were not in plain text, Minted said in an email sent to customers. Additionally, some customers had additional information taken, including birth dates, for less than one percent of customers, and others also had their telephone numbers, plus billing and shipping addressees involved of they had been provided to Minted, the email read.
People are now encouraged to change their password on the Minted site Getty Images/iStockphoto
Minted is an online site where people can order and send digital invitations, and purchase personalized gifts from photo books to gift wrap. People can upload photos and other material to the site, and have them turned into these items and sent directly from Minted.
Currently, the company does not think customer payment data, like their credit card numbers, their address books — such as information on their friends and family — nor photos or other details that would have been used in designs created on the site, are involved.
Why Minted waited more than two weeks to alert some customers was not addressed both in emails and online. Instead, the company has offered to speak with its clients through a toll-free hotline set up in the U.S., Canada, the UK and Australia.
The company is also encouraging people to change their passwords — especially if they use the same one on other sites as well. Minted specifically is asked customers to not only create a new password, but one "...that is not easy to guess," the company wrote.
Minted customers who have been affected can also choose to run their passwords through an online password manager, use a free service such as Google's Password Check to see if their passwords have been affected, or at least take the opportunity to run through some of the steps to help secure other areas of their digital life.